Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2023-53741

    Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established... Read more

    • Published: Dec. 10, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-64373

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-6326

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-65879

    Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.... Read more

    Affected Products : warehouse_management_system
    • Published: Dec. 05, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49359

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue affects ShieldGroup: from n/a through <= 2.13.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53439

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Harper harper allows PHP Local File Inclusion.This issue affects Harper: from n/a through <= 1.13.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-57489

    Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.... Read more

    Affected Products : superduper\!
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-58923

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.... Read more

    Affected Products : critique
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60064

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through <= 1.2.2.... Read more

    Affected Products : renewal
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60065

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through <= 1.0.14.... Read more

    Affected Products : pinevale
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60066

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Katelyn katelyn allows PHP Local File Inclusion.This issue affects Katelyn: from n/a through <= 1.0.10.... Read more

    Affected Products : katelyn
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-13516

    The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file() function in inc/emails/handler/uploads.php which duplic... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-60061

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through <= 2.2.0.... Read more

    Affected Products : kicker
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53447

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.... Read more

    Affected Products : assembly
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2024-39148

    The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protecte... Read more

    Affected Products : keros
    • Published: Dec. 01, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-0248

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the sec... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-42615

    In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitra... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-60059

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.12.... Read more

    Affected Products : smartseo
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-60060

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pubzinne pubzinne allows PHP Local File Inclusion.This issue affects Pubzinne: from n/a through <= 1.0.12.... Read more

    Affected Products : pubzinne
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-13813

    A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiate... Read more

    Affected Products : mogublog
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Authorization
Showing 20 of 4920 Results